How to use the command 'query' (with examples)

The ‘query’ command in Windows displays information about user sessions and processes. Its subcommands and parameters let you tailor the output to a specific requirement. This article walks through each use case of the ‘query’ command and gives an example for each one.

Use case 1: Display all user sessions

Code:

query session

Motivation: This command is useful when you want to view all active user sessions on the local machine. It provides information such as session ID, username, state, and session type. By executing this command, you can quickly identify how many users are currently logged in and their session states.

Example Output:

 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
>services                                    0  Disc
 console           Administrator             1  Active
 rdp-tcp                                 65536  Listen

Use case 2: Display the current user sessions on a remote computer

Code:

query session /server:hostname

Motivation: Sometimes it is necessary to check the user sessions on a remote computer. This command allows you to specify the target computer by using the /server parameter followed by the hostname. This can be useful for administrators who need to monitor user activity on specific machines in a networked environment.

Example Output:

 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
>console           Administrator             0  Active

Use case 3: Display logged in users

Code:

query user

Motivation: This command is used to display a list of logged-in users. It provides information such as the username, session type, and session status. By executing this command, you can quickly determine who is logged in to the system at any given time.

Example Output:

 USERNAME                 SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>Administrator            console             0  Active          1+00   07/12/2022 08:30

Use case 4: Display all user sessions on a remote computer

Code:

query session /server:hostname

Motivation: Similar to the second use case, this command also allows you to view user sessions on a remote computer. By specifying the target computer using the /server parameter followed by the hostname, you can fetch information about the sessions on the remote machine.

Example Output:

 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
>console           Administrator             0  Active
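The `query session` output shown in use cases 1, 2 and 4 is fixed-width text in which SESSIONNAME or USERNAME can be blank, so splitting rows on whitespace assigns values to the wrong columns. The following PowerShell is an added example, not part of the original article: the function name `ConvertFrom-QuerySession` is hypothetical, and the sample rows (including the user `jdoe`) are constructed so the block runs without a live system.

```powershell
function ConvertFrom-QuerySession {
    param([Parameter(Mandatory)][string[]]$Lines)

    # The header row gives the start offset of every left-aligned column.
    $header = $Lines | Where-Object { $_ -match 'SESSIONNAME' -and $_ -match 'STATE' } |
        Select-Object -First 1
    if (-not $header) { throw 'No query session header found.' }
    $col = @{}
    foreach ($name in 'SESSIONNAME', 'USERNAME', 'STATE', 'TYPE', 'DEVICE') {
        $col[$name] = $header.IndexOf($name)
    }
    # Slice [from, to) out of a row that may be shorter than the header.
    $slice = {
        param($row, $from, $to)
        if ($from -ge $row.Length) { return '' }
        $row.Substring($from, [Math]::Min($to, $row.Length) - $from).Trim()
    }

    foreach ($row in $Lines) {
        if ($row -eq $header -or [string]::IsNullOrWhiteSpace($row)) { continue }
        # USERNAME may be blank and ID is right-aligned, so read both as one
        # chunk: the last token is the ID, anything before it is the user.
        $chunk  = & $slice $row $col.USERNAME $col.STATE
        $tokens = @($chunk -split '\s+' | Where-Object { $_ })
        if ($tokens.Count -eq 0 -or $tokens[-1] -notmatch '^\d+$') { continue }
        [pscustomobject]@{
            Current     = $row.StartsWith('>')   # '>' marks the caller's own session
            SessionName = & $slice $row $col.SESSIONNAME $col.USERNAME
            UserName    = ($tokens | Select-Object -SkipLast 1) -join ' '
            Id          = [int]$tokens[-1]
            State       = & $slice $row $col.STATE $col.TYPE
            Type        = & $slice $row $col.TYPE $col.DEVICE
        }
    }
}

# Constructed sample in the layout of the example output above; the jdoe row
# has a blank SESSIONNAME, the case that breaks whitespace splitting.
$sample = @(
    ' SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE'
    '>services                                    0  Disc'
    ' console           Administrator             1  Active'
    '                   jdoe                      2  Disc'
    ' rdp-tcp                                 65536  Listen'
)
ConvertFrom-QuerySession $sample | Format-Table -AutoSize
# Live use with the page's remote form:
#   ConvertFrom-QuerySession (query session /server:hostname)
```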

Use case 5: Display all running processes

Code:

query process

Motivation: In some situations, it is necessary to determine the running processes on the system. This command provides a list of all active processes along with their process IDs (PIDs), session IDs, and memory usage. By executing this command, you can get an overview of which processes are currently running on the system.

Example Output:

  SESSIONNAME       USERNAME                 ID  PID    IMAGE
>services                                    0     4    System
 console           Administrator             1   544    cmd.exe

Use case 6: Display running processes by session or username

Code:

query process session_name|user_name

Motivation: This command is useful when you want to narrow down the list of running processes based on a particular user session or username. By providing the session name or username as an argument, you can retrieve information about the processes associated with a specific session or user.

Example Output:

  SESSIONNAME       USERNAME                 ID  PID    IMAGE
>console           Administrator             0   544    cmd.exe

Conclusion:

The ‘query’ command in Windows provides a comprehensive set of options to obtain information about user sessions and processes. Whether it’s checking active user sessions, monitoring remote computers, or retrieving process details, the ‘query’ command offers flexibility and valuable information for system administrators and users alike. By familiarizing yourself with the different use cases and examples provided in this article, you can effectively utilize the ‘query’ command to meet your specific requirements.
